Juniper Research suggests that by 2019 the damage from cybercrime will exceed $2 trillion, so the demand for forensic analysis will keep growing.

Software is the system administrator's best friend, and the right tool helps you work faster and more productively.

Investigating an incident is not an easy task: you need to gather as much information as possible to obtain evidence and plan how to eliminate the consequences. Below I describe several useful tools for incident investigation. Most of them are free!

1. Autopsy

Autopsy is an open-source digital forensics platform with a graphical user interface for efficient forensic examination of hard disks and smartphones. Thousands of people use Autopsy to find out what really happened on a computer.

Specialists at large companies and in the military widely use Autopsy in their work. Below are some of Autopsy's features:

2. Encrypted Disk Detector

Encrypted Disk Detector helps you analyze encrypted hard disks. The program works with partitions encrypted with TrueCrypt, PGP, BitLocker and SafeBoot.

3. Wireshark

Wireshark is a tool for capturing and analyzing network packets that lets you monitor what is happening on your network. It comes in handy when investigating a network incident.

4. Magnet RAM Capture

Magnet RAM Capture lets you take a snapshot of RAM and analyze the artifacts held in memory. The program works on Windows.

5. NetworkMiner

This interesting forensic analysis tool for Windows, Linux and Mac OS X determines the operating system and hostname and detects sessions and open ports from live traffic or a PCAP file. NetworkMiner displays the extracted artifacts in an intuitive interface.

6. Nmap

Nmap (Network Mapper) is one of the most popular tools for auditing networks and information security. Nmap runs on most operating systems, including Windows, Linux, Solaris, Mac OS and HP-UX. The program is open source, so it's free.

7. RAM Capturer

RAM Capturer by Belkasoft is a free tool for dumping a computer's volatile memory. The program is compatible with Windows. A memory dump can contain passwords and other data for unlocking encrypted volumes or logging in to e-mail and social networks.

8. Forensic Investigator


If you use Splunk, Forensic Investigator will be useful to you. This Splunk app performs many functions:

WHOIS/GeoIP requests;

Ping;

Port scanner;

Header collector;

URL analyzer/decoder;

XOR/HEX/Base64 converter;

SMB share/NetBIOS viewer;

VirusTotal.

9. FAW

FAW (Forensics Acquisition of Websites) is used to collect data about a web page for further examination. The tool can do the following:

Save the page partially or completely;

Preserve all kinds of images;

Save the HTML source code of the web page;

Work together with Wireshark.

10. HashMyFiles


HashMyFiles calculates the MD5 and SHA1 hashes of files. The tool works on almost all recent versions of Windows.

11. USB Write Blocker


View the contents of a USB drive without leaving traces or altering its metadata and timestamps. USB Write Blocker uses the Windows registry to block writes to USB devices.
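As an added illustration (not USB Write Blocker's own code), the following PowerShell turns on the same Windows registry write-protection policy and verifies it before an evidence drive is attached; it assumes an elevated session and relies on the StorageDevicePolicies\WriteProtect value that Windows consults for removable storage.

```powershell
# Added example: software write block for USB mass-storage devices via the registry.
# Assumes an elevated (Administrator) PowerShell session. Devices that are already
# mounted keep their current access mode; re-attach them after enabling the policy.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\StorageDevicePolicies'

function Set-UsbWriteProtect {
    param([Parameter(Mandatory)][bool]$Enabled)
    # The key does not exist by default on a fresh install, so create it on demand.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # WriteProtect = 1 makes newly attached USB storage read-only; 0 restores writes.
    New-ItemProperty -Path $key -Name 'WriteProtect' -PropertyType DWord `
        -Value ([int]$Enabled) -Force | Out-Null
}

function Test-UsbWriteProtect {
    # Returns $true only when the value exists and is exactly 1.
    $v = Get-ItemProperty -Path $key -Name 'WriteProtect' -ErrorAction SilentlyContinue
    return ($null -ne $v) -and ($v.WriteProtect -eq 1)
}

Set-UsbWriteProtect -Enabled $true
if (-not (Test-UsbWriteProtect)) {
    throw 'WriteProtect is not set; check that the session is elevated.'
}
# Record the verified setting (and the time) in the case notes before plugging in the drive.
```

A registry-based block only governs this host's USB storage stack; for court-facing acquisitions a hardware write blocker remains the standard control, and the setting should be reverted (-Enabled $false) once the examination is finished.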

12. Crowd Response

Crowd Response from CrowdStrike is a Windows application designed to collect system information for incident response and security improvement. Results can be exported in XML, CSV, TSV or HTML format using CRConvert. The program runs on all 32-bit and 64-bit versions of Windows starting with XP.

SIFT (SANS Investigative Forensic Toolkit) is a workstation freely available for Ubuntu 14.04. SIFT is a set of useful analysis tools and one of the most popular open-source incident response platforms.

17. Dumpzilla


Dumpzilla extracts all the information of interest from the Firefox, Iceweasel and SeaMonkey browsers.

18. Browser History

Foxton offers two interesting tools:

Save browser history (Chrome, Firefox, IE and Edge) on Windows;

View browser history. You can extract and analyze the activity history of most modern browsers. The results are displayed on an interactive graph, and the historical data can be filtered.

19. ForensicUserInfo

With ForensicUserInfo you can extract the following information:

RID;

LM/NT hash;

Password change and account expiration dates;

Number of logons and the date of failed attempts;

Groups;

Profile path.

20. BackTrack

BackTrack is one of the most popular platforms for vulnerability testing, but it also offers forensic analysis features.

21. Paladin

PALADIN Forensic Suite is the world's most popular set of forensic tools for Linux: a modified Ubuntu-based Linux distribution available in 32- and 64-bit versions.

Paladin includes more than 100 tools grouped into 29 categories, which is almost everything you need to investigate an incident. Autopsy is included in the latest version, Paladin 6.

22. Sleuth Kit

The Sleuth Kit is a set of command-line tools for examining and analyzing logical disks and file systems to locate data.

23. CAINE

CAINE (Computer Aided INvestigative Environment) is a Linux distribution that offers a complete investigation platform with more than 80 tools for analysis, examination and reporting.

I hope that the above tools will help you cope with the incident and accelerate the investigation.

Paul Brook is a professional full-stack developer and IT content marketer: developer by day and content marketer by night. He is the lead developer and content marketer at www.smartspate.com. His passion for helping people with all aspects of IT and marketing shows in the expert industry coverage he provides. In addition to IT, he also provides technical SEO and copywriting services for businesses of all sizes.
